Malicious Twitter code?

Twitter took its desktop Twitter client, TweetDeck, offline yesterday following what is reported to be a massive security breach, with multiple reports of malicious code emanating from a few major accounts, including politicians and major news outlets.

The Twitter accounts of BBC News and a senior White House official were among thousands affected by a TweetDeck hack.

The vulnerability, initially discovered by a 19-year-old Austrian programmer, meant that programming code could be executed in the Google Chrome TweetDeck plugin, which allowed anyone with coding knowledge to create unsolicited popup windows in the TweetDeck program with custom messages.

The programmer who discovered the bug said that he found the glitch accidentally and, once he had discovered it, created a script to display a custom popup in the program and immediately reported the glitch to the app’s developers.

Initially TweetDeck advised users to log out of the service to avoid their accounts being compromised, but when this proved ineffective the service was shut down. TweetDeck reports that the problem, known as a cross-site scripting (XSS) vulnerability, has been fixed, and that the service is now back on.

“We’ve verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience.”

Being Safe Online

Whilst webmasters could not have done anything to prevent their accounts being compromised, the TweetDeck issue being a software flaw, it serves to remind us that extra vigilance is required to protect our online business profiles from attack.

It wasn’t me, I was hacked, honest

Whilst we can all try and protect ourselves from being hacked, there are some very public examples of what not to do in an online PR crisis. One of them is to not pretend you were hacked after you’ve been caught out sending something online that you shouldn’t have. Just ask Anthony Weiner how it turned out for him.

Weiner is an American former Democratic congressman, and in 2011 he sent a ‘weiner’ pic via his public Twitter account to a woman who was following him on Twitter. As the PR storm erupted, he opted to try and blame hackers and issued denial after denial, but then (as is often the case) other instances came to light. He then publicly apologised for sending multiple explicit images to multiple women over a lengthy period, and as a consequence he also resigned from office.

*update – On May 19, 2017, Weiner pled guilty to a sexting charge of transferring obscene material to a minor, and was sentenced to 21 months in prison, ordered to pay a $10,000 fine, and required to permanently register as a sex offender. Granted, no amount of online reputation management would have changed the outcome here, but thankfully for most small to medium businesses, extinction-level events are rarer than they seem to be for politicians.

Mistakes happen in business. Sometimes you say or do something that you later come to regret, but in the fast-paced media of the internet, how you react to a crisis can be more damaging than the offending incident. It pays to have a good crisis strategy meeting with your PR team before you say anything publicly, as the internet has a very, very long memory.

If your business is facing a PR crisis and you’re worried about scandalous or malicious Twitter posts from employees becoming public, negative online reviews or other negative brand and reputational issues, get in touch.